[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f6vPyzfUCzXzROCs6seNkLWpt_F9s812zq0L3ltZrAN0":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":25,"download_link":26,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29,"vulnerabilities":30,"developer":31,"crawl_stats":28,"alternatives":37,"analysis":145,"fingerprints":279},"protect-admin-account","Protect Admin","2.1.6","KeystrokeClick","https:\u002F\u002Fprofiles.wordpress.org\u002Fkeystrokeclick\u002F","\u003Cp>This plugin protects selected WP Admin accounts, and standard posts created by those Admins, from being deleted or edited by other users. This plugin is hidden from all users other than the Admin who installs it. Only users with the “Administrator” role can be protected.\u003C\u002Fp>\n\u003Cp>This plugin might be useful if you want to share admin access with other users (i.e. IT team, developers, etc) but don’t want to risk impacting the accounts of certain Admins. Or, perhaps you’re the developer or IT member who might need this plugin to prevent other non-technical Admins from accidentally deleting your account or key Admins on specific projects.\u003C\u002Fp>\n\u003Ch3>How It Works\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\n\u003Cp>As soon as the plugin is \u003Cstrong>activated\u003C\u002Fstrong>, it will store the ID of the user that activates the plugin. The plugin will then be hidden from all users other than this user.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>You can choose which Admin accounts (yours or others) to protect. Only the Admin who activates the plugin can save its settings. Other users won’t see the Settings page or the menu.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Once protected admin accounts are selected on the Settings page, other users and admins will \u003Cstrong>NOT\u003C\u002Fstrong> be able to:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>delete the protected Admin accounts.\u003C\u002Fli>\n\u003Cli>access the profile edit page for the protected Admin accounts.\u003C\u002Fli>\n\u003Cli>change the role of the protected Admin accounts.\u003C\u002Fli>\n\u003Cli>select the protected Admin accounts in the bulk actions on users list page.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Additionally, if other users or Admins, under unlikely circumstances, are able to access the user profile page of the protected Admin accounts using other plugins, this plugin will prevent any modifications from being saved.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Similar to the above, if other users or Admins are able to change the protected Admin account’s email address via the Profile page, this plugin will revert it back to the original email address.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Also, should someone attempt to edit a protected Admin’s account, the attempted action will be logged to the database. You can view recent attempts under Logs within the plugin’s section.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Important Reminder\u003C\u002Fh3>\n\u003Cp>Once you deactivate the plugin, all users with the ability to manage plugins (\u003Ccode>activate_plugins\u003C\u002Fcode> capability) will be able to see the plugin. It is advised to only deactivate the plugin when you feel safe to do so. Otherwise you can just enable or disable protection from the plugin’s Settings page.\u003C\u002Fp>\n\u003Cp>If you want to be extra cautious (depending on your needs), you should also manually disallow file edit. This plugin doesn’t do that because some people might still need it.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>define( 'DISALLOW_FILE_EDIT', true );\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Cp>This plugin has NOT been tested with other user management plugins or role editor plugins. Hence its use alongside these types of plugins is not guaranteed to work as intended.\u003C\u002Fp>\n\u003Ch3>Email Notification\u003C\u002Fh3>\n\u003Cp>You can choose to get notified by email when someone attempts to modify your protected Admin accounts. Easily enable or disable email notification when you upgrade to \u003Ca href=\"https:\u002F\u002Fprotectadmin.com\u002Fplugin\u002Fprotect-admin-account-pro-wordpress-plugin\u002F\" rel=\"nofollow ugc\">Protect Admin PRO\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Protect Admin PRO\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Be the first to know when someone is attempting to modify your protected admin accounts.\u003C\u002Fli>\n\u003Cli>Get access to all logs and data of users who try to modify the protected admin accounts (the FREE version only records the most recent attempt).\u003C\u002Fli>\n\u003Cli>Protect standard posts and pages made directly by protected Admins.\u003C\u002Fli>\n\u003Cli>See \u003Ca href=\"https:\u002F\u002Fprotectadmin.com\u002Fplugin\u002Fprotect-admin-account-pro-wordpress-plugin\u002F\" rel=\"nofollow ugc\">more\u003C\u002Fa>.\u003C\u002Fli>\n\u003C\u002Ful>\n","Protect admin accounts from being deleted or modified by other users. This plugin will always be hidden from all users other than the admin who instal …",2000,27720,100,5,"2026-03-03T19:21:00.000Z","6.9.4","4.7","5.3",[20,21,22,23,24],"admin","admin-account","prevent-admin-deletion","protect","user-account","https:\u002F\u002Fprotectadmin.com\u002Fplugin\u002Fprotect-admin-account-pro-wordpress-plugin\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-admin-account.2.1.6.zip",0,null,"2026-03-15T15:16:48.613Z",[],{"slug":32,"display_name":7,"profile_url":8,"plugin_count":33,"total_installs":11,"avg_security_score":13,"avg_patch_time_days":34,"trust_score":35,"computed_at":36},"keystrokeclick",1,30,94,"2026-04-04T17:01:05.043Z",[38,64,85,105,124],{"slug":39,"name":40,"version":41,"author":42,"author_profile":43,"description":44,"short_description":45,"active_installs":46,"downloaded":47,"rating":48,"num_ratings":49,"last_updated":50,"tested_up_to":16,"requires_at_least":51,"requires_php":52,"tags":53,"homepage":59,"download_link":60,"security_score":61,"vuln_count":62,"unpatched_count":27,"last_vuln_date":63,"fetched_at":29},"protect-wp-admin","Protect WP Admin","4.2","WP-EXPERTS.IN","https:\u002F\u002Fprofiles.wordpress.org\u002Findia-web-developer\u002F","\u003Cp>Protect WP Admin adds an extra security layer to your WP site by allowing you to rename and secure the wp-admin and wp-login.php URLs.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Change default admin URL (e.g., \u002Fwp-admin to \u002Fmyadmin)\u003C\u002Fli>\n\u003Cli>Restrict access to dashboard by roles or specific user IDs\u003C\u002Fli>\n\u003Cli>Customize login page colors and logo\u003C\u002Fli>\n\u003Cli>Block access to default login URLs\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Stop bots and hackers from brute-forcing your login page. This plugin is ideal for any site looking to increase login security without modifying core files.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Video Demo:\u003C\u002Fstrong>\u003Cbr \u002F>\nhttps:\u002F\u002Fyoutu.be\u002FMxr2MLDNACE\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Pro Add-on Available:\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.wp-experts.in\u002Fproducts\u002Fprotect-wp-admin-pro\" rel=\"nofollow ugc\">Click here to download add-on\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Define Custom WP Admin Login URL (e.g., http:\u002F\u002Fyourdomain.com\u002Fmyadmin)\u003C\u002Fli>\n\u003Cli>Add custom logo and styling to login page\u003C\u002Fli>\n\u003Cli>Restrict wp-admin access to only admin or defined user IDs\u003C\u002Fli>\n\u003Cli>Redirect all unauthorized users and bots\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Pro Features\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Rename wp-admin completely\u003C\u002Fli>\n\u003Cli>Set login attempt limits\u003C\u002Fli>\n\u003Cli>Track login history\u003C\u002Fli>\n\u003Cli>Change usernames\u003C\u002Fli>\n\u003Cli>More style controls\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Get the Pro Version:\u003C\u002Fstrong>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwww.wp-experts.in\u002Fproducts\u002Fprotect-wp-admin-pro\u002F?utm_source=wordpress.org&utm_medium=free-plugin&utm_campaign=15off\" rel=\"nofollow ugc\">Protect WP Admin Pro\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch3>License\u003C\u002Fh3>\n\u003Cp>This plugin is licensed under the GPLv2 or later.\u003Cbr \u002F>\nhttps:\u002F\u002Fwww.gnu.org\u002Flicenses\u002Fgpl-2.0.html\u003C\u002Fp>\n","Protect your WP site by changing the default wp-admin URL and customizing the login page for enhanced security.",10000,533784,72,50,"2026-02-05T17:04:00.000Z","6.0","",[54,55,56,57,58],"admin-url","hack-prevention","protect-admin","secure-admin","secure-login","https:\u002F\u002Fwww.wp-experts.in\u002Fproducts\u002Fprotect-wp-admin-pro","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-wp-admin.4.2.zip",93,4,"2025-12-15 00:00:00",{"slug":65,"name":66,"version":67,"author":68,"author_profile":69,"description":70,"short_description":71,"active_installs":72,"downloaded":73,"rating":13,"num_ratings":74,"last_updated":75,"tested_up_to":16,"requires_at_least":76,"requires_php":77,"tags":78,"homepage":83,"download_link":84,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"wp-admin-protect","Protector – Login Security & Hide Admin URL","3.0.0","Marcello Ruoppolo","https:\u002F\u002Fprofiles.wordpress.org\u002Fmarcelloruoppolome\u002F","\u003Cp>Protector adds a lightweight security layer to your WordPress site by “hiding” the default login page. By setting a secret term, only users who know the specific URL can access the login screen.\u003C\u002Fp>\n\u003Cp>Any unauthorized attempt to access \u003Ccode>wp-login.php\u003C\u002Fcode> without your secret term will be automatically redirected to a custom URL of your choice, such as your homepage or an external site.\u003C\u002Fp>\n\u003Cp>Key Features:\u003Cbr \u002F>\n* Simple and lightweight (No Bloat).\u003Cbr \u002F>\n* Integrated with WordPress Native UI.\u003Cbr \u002F>\n* Prevents brute force attacks by hiding the entry point.\u003Cbr \u002F>\n* Customizable redirect URL.\u003C\u002Fp>\n","Protect your WP Admin access. Easily change your wp-login URL by adding a secret term to hide your login page from bots and unwanted visitors.",200,5018,3,"2026-02-14T06:27:00.000Z","5.0","7.4",[79,80,81,23,82],"brute-force","hide-admin","login","security","https:\u002F\u002Fmarcellodev.xyz\u002Fprotector","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-admin-protect.3.0.0.zip",{"slug":86,"name":87,"version":88,"author":89,"author_profile":90,"description":91,"short_description":92,"active_installs":13,"downloaded":93,"rating":27,"num_ratings":27,"last_updated":94,"tested_up_to":16,"requires_at_least":95,"requires_php":52,"tags":96,"homepage":101,"download_link":102,"security_score":103,"vuln_count":33,"unpatched_count":27,"last_vuln_date":104,"fetched_at":29},"echbay-admin-security","EchBay Admin Security","1.3.1","Dao Quoc Dai","https:\u002F\u002Fprofiles.wordpress.org\u002Fitvn9online\u002F","\u003Cp>If you run a WordPress website, you should absolutely use echbay-admin-security to secure it against hackers.\u003C\u002Fp>\n\u003Cp>Protect WP-Admin fixes a glaring security hole in the WordPress community: the well-known problem of the admin panel URL.\u003Cbr \u002F>\nEveryone knows where the admin panel, and this includes hackers as well.\u003C\u002Fp>\n\u003Cp>Protect WP-Admin helps solve this problem by allowing webmasters to setup PIN number or password for login page.\u003C\u002Fp>\n\u003Cp>The plugin also comes with some access filters, allowing webmasters to restrict guest and registered users access to wp-admin, just in case you want some of your editors to log in the classic way.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>\u003Ca href=\"https:\u002F\u002Fpaypal.me\u002Fitvn9online\u002F5\" rel=\"nofollow ugc\"> Thanks for donate \u003C\u002Fa>\u003C\u002Fstrong>\u003C\u002Fp>\n","Protect Your Website Admin Against Hackers & Modify Login Page Design ( Nhiệm vụ: chặn mọi truy cập trực tiếp vào trang quản trị wordpress dưới dạ …",11190,"2025-11-28T02:58:00.000Z","4.8",[97,98,99,100,57],"change-admin-url","change-wp-admin-url","protect-wordpress-admin","rename-admin-url","https:\u002F\u002Fwww.facebook.com\u002Fgroups\u002Fwordpresseb","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fechbay-admin-security.zip",99,"2025-11-20 19:30:13",{"slug":106,"name":107,"version":67,"author":108,"author_profile":109,"description":110,"short_description":111,"active_installs":112,"downloaded":113,"rating":27,"num_ratings":27,"last_updated":114,"tested_up_to":115,"requires_at_least":116,"requires_php":52,"tags":117,"homepage":121,"download_link":122,"security_score":123,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"protect-admin-login","Protect Admin Login","ViitorCloud Technologies Pvt Ltd","https:\u002F\u002Fprofiles.wordpress.org\u002Fviitorcloudvc\u002F","\u003Cp>A simple plugin allows to overwrite wp-admin url to login backend.\u003C\u002Fp>\n\u003Cp>If you run a WordPress website, you must use “Protect Admin Login” to secure it against hackers.\u003C\u002Fp>\n\u003Cp>It blocks default wp-admin login link.\u003C\u002Fp>\n\u003Cp>You can add new url in backend in Settings\u002FPermalinks section.\u003C\u002Fp>\n\u003Ch4>Get Involved\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fviitorcloud.com\u002F\" rel=\"nofollow ugc\">ViitorCloud\u003C\u002Fa> believes in active community support. So, with our plugins, we aim to try to make life easy for developers & customers. Subscribe to our newsletter for more updates.\u003C\u002Fp>\n","A simple plugin allows to overwrite wp-admin url to login backend.",20,1023,"2024-05-24T09:27:00.000Z","6.5.8","3.8",[118,119,106,120,57],"change-wp-admin","custom-admin-url","protect-backend","#","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fprotect-admin-login.zip",92,{"slug":125,"name":126,"version":127,"author":128,"author_profile":129,"description":130,"short_description":131,"active_installs":132,"downloaded":133,"rating":27,"num_ratings":27,"last_updated":134,"tested_up_to":135,"requires_at_least":136,"requires_php":52,"tags":137,"homepage":143,"download_link":144,"security_score":13,"vuln_count":27,"unpatched_count":27,"last_vuln_date":28,"fetched_at":29},"forcefield","ForceField","1.0.9","Tony Hayes","https:\u002F\u002Fprofiles.wordpress.org\u002Fmajick\u002F","\u003Cp>Adds several layers of security to restrict access to common hacking attack vectors. By filtering requests in a more specific and intelligent way, ForceField allows permitted actions to continue unaltered, but blocks actions that are disallowed or not explicitly unauthorized.\u003C\u002Fp>\n\u003Cp>ForceField is not a “firewall” – nor a replacement for a comprehensive security plugin, but rather is intended to \u003Cem>complement and enhance your existing security measures\u003C\u002Fem>, by adding some unique and innovative protection features not easily found elsewhere. These include:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>tokenizing and recording login\u002Fregistration behaviour\u003C\u002Fli>\n\u003Cli>protecting whitelisted administrator and user roles\u003C\u002Fli>\n\u003Cli>restricting WordPress API access and endpoints\u003C\u002Fli>\n\u003Cli>tracking bot behavior and blocking repeat transgressors\u003C\u002Fli>\n\u003Cli>periodically checking for known vulnerabilities\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Cstrong>Tokenized Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Easily reduce Brute Force Password attacks, SPAM Comments, Fake User Registrations and Sploggers! Adds a dynamic Javascript Token field to all common user action forms: Login, Registration (and optionally BuddyPress Registration), Blog Signup (Multisite only), Lost Password and Commenting. You can adjust the settings to apply to any or all of these, giving you more fine-grained control as needed.\u003C\u002Fp>\n\u003Cp>Since the majority of bots do not have the capacity or time to recognize and process javascript fields, their attempts at access via these actions are instantly blocked – with repeat offender getting IP banned from further attempts. This gives seamless and invisible protection (without needing an annoying ReCaptcha field.)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Login Role Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>A last line of defense against hackers who have managed to “somehow” create their own administrator account or escalate their user priveleges! Automatically block, notify by email, revoke role and\u002For demote to subscriber any “administrator” account that logs in who is not in an \u003Cem>explicitly allowed list\u003C\u002Fem> of verified administrator usernames. Goodbye escalated privelege attack!\u003C\u002Fp>\n\u003Cp>\u003Cstrong>API Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Adds several ways to restrict access to XML RPC and REST API features. While these \u003Cem>can\u003C\u002Fem> be disabled, there are several other options provided to severely limit bot and other unauthorized access while still being able to use these features as intended! Part of the aim of this plugin is to make these options available for everyone without needing to code them: Multiple request slowdown, disable XML RPC logins, logged in access only, restrict access to specified user roles, and require secure connection.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Behavioural Protection\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>ForceField also records access to user actions missing referer headers, missing or bad tokens, and other bad behaviours in a custom table. Reaching transgression limits for any specific action results in an IP ban. Transgression occurrences are reduced via cooldown over time, with old records expired and later deleted (with intervals adjustable.) This process keeps protection high for fresh attacks while keeping the database free of old record bloat. Also gives the option to output a form to banned IPs so users can unblock themselves manually in case of false positives (and so you don’t lock yourself out of your site!)\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Vulnerability Check\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Checks your installed core, plugins and themes for known vulnerabilities, according to the frequency you set for each. Then sends email alerts and provides an Admin Notice for any new vulnerabilities when they found, giving you a heads up on updates that require action. (Note: This feature is complete but currently being retested more extensively before being included in the plugin in an upcoming version. If you wish to test it out yourself beforehand, you can download the plugin from \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmajick777\u002Fforcefield\u002F\" rel=\"nofollow ugc\">Github repository\u003C\u002Fa>.)\u003C\u002Fp>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwordquest.org\u002Fplugins\u002Fforcefield\u002F\" rel=\"nofollow ugc\">ForceField Home\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordquest.org\u002Fsupport\u002Fforcefield\u002F\" rel=\"nofollow ugc\">Support Forum\u003C\u002Fa>\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordquest.org\u002Fplugins\u002Fforcefield\u002F\" rel=\"nofollow ugc\">ForceField Home\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Like this plugin? Check out more of our free plugins here:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordquest.org\u002Fplugins\u002F\" title=\"WordQuest Plugins\" rel=\"nofollow ugc\">WordQuest\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>Looking for an awesome theme? Check out my child theme framework:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fbioship.space\" title=\"BioShip Child Theme Framework\" rel=\"nofollow ugc\">BioShip Child Theme Framework\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cp>For support or if you have an idea to improve this plugin:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordquest.org\u002Fsupport\u002Fforcefield\u002F\" title=\"ForceField Support\" rel=\"nofollow ugc\">ForceField Support Quests\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cp>Help support improvements and log priority feature requests by a gift of appreciation:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fwordquest.org\u002Fcontribute\u002F?plugin=forcefield\" rel=\"nofollow ugc\">Contribute to ForceField\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Development\u003C\u002Fh4>\n\u003Cp>To aid directly in development, please fork on Github and do a pull request:\u003Cbr \u002F>\n\u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fmajick777\u002Fforcefield\u002F\" rel=\"nofollow ugc\">ForceField on Github\u003C\u002Fa>\u003C\u002Fp>\n","Strong and Flexible Access, User Action, API, Behavioural and Role Protection",10,1569,"2025-06-23T06:18:00.000Z","6.8.5","4.0.0",[138,139,140,141,142],"admin-protect","api-access","bot-protect","login-protect","xml-rpc","https:\u002F\u002Fwordquest.org\u002Fplugins\u002Fforcefield\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fforcefield.1.0.9.zip",{"attackSurface":146,"codeSignals":226,"taintFlows":269,"riskAssessment":270,"analyzedAt":278},{"hooks":147,"ajaxHandlers":222,"restRoutes":223,"shortcodes":224,"cronEvents":225,"entryPointCount":27,"unprotectedCount":27},[148,153,159,163,167,171,176,181,185,189,193,197,201,205,210,214,218],{"type":149,"name":150,"callback":151,"priority":33,"file":152,"line":112},"filter","user_row_actions","thp_paa_user_filter","includes\\paa-filters.php",{"type":154,"name":155,"callback":156,"priority":103,"file":157,"line":158},"action","admin_menu","thp_paa_admin_menu","includes\\paa-options.php",39,{"type":154,"name":160,"callback":161,"file":157,"line":162},"in_admin_footer","closure",61,{"type":149,"name":164,"callback":165,"priority":33,"file":157,"line":166},"admin_footer_text","thp_paa_admin_settings_footer",62,{"type":149,"name":168,"callback":169,"file":157,"line":170},"custom_menu_order","thp_paa_options_submenus",536,{"type":149,"name":172,"callback":173,"priority":132,"file":174,"line":175},"user_has_cap","thp_paa_protect_admin_posts","includes\\paa-protection-posts.php",51,{"type":154,"name":177,"callback":178,"priority":132,"file":179,"line":180},"user_profile_update_errors","thp_paa_revert_email_change","includes\\paa-protection-users.php",34,{"type":154,"name":182,"callback":183,"file":179,"line":184},"admin_init","thp_paa_prevent_edit_user_url_access",68,{"type":154,"name":186,"callback":187,"file":179,"line":188},"delete_user","thp_paa_prevent_user_deletion",102,{"type":154,"name":190,"callback":191,"file":179,"line":192},"edit_user_profile_update","thp_paa_prevent_update_user",130,{"type":149,"name":194,"callback":195,"file":179,"line":196},"show_password_fields","thp_paa_hide_pwd_fields",154,{"type":154,"name":198,"callback":199,"file":179,"line":200},"admin_head","thp_paa_remove_checkbox",185,{"type":154,"name":202,"callback":203,"priority":132,"file":179,"line":204},"set_user_role","thp_paa_revert_user_role",225,{"type":154,"name":206,"callback":207,"file":208,"line":209},"admin_notices","thp_paa_check_version_update","index.php",111,{"type":149,"name":211,"callback":212,"file":208,"line":213},"all_plugins","thp_paa_hide_plugin",167,{"type":154,"name":215,"callback":216,"file":208,"line":217},"pre_current_active_plugins","thp_paa_deactivate_plugin",178,{"type":154,"name":219,"callback":220,"priority":132,"file":208,"line":221},"thp_paa_before_termination_wpdie","thp_paa_log_actions_to_db",256,[],[],[],[],{"dangerousFunctions":227,"sqlUsage":228,"outputEscaping":230,"fileOperations":262,"externalRequests":27,"nonceChecks":33,"capabilityChecks":263,"bundledLibraries":264},[],{"prepared":27,"raw":27,"locations":229},[],{"escaped":231,"rawEcho":231,"locations":232},15,[233,235,237,238,240,242,244,246,248,250,252,254,256,258,260],{"file":157,"line":209,"context":234},"raw output",{"file":157,"line":236,"context":234},112,{"file":157,"line":236,"context":234},{"file":157,"line":239,"context":234},113,{"file":157,"line":241,"context":234},141,{"file":157,"line":243,"context":234},169,{"file":157,"line":245,"context":234},202,{"file":157,"line":247,"context":234},231,{"file":157,"line":249,"context":234},255,{"file":157,"line":251,"context":234},328,{"file":157,"line":253,"context":234},377,{"file":157,"line":255,"context":234},398,{"file":157,"line":257,"context":234},412,{"file":179,"line":259,"context":234},173,{"file":208,"line":261,"context":234},106,2,7,[265],{"name":266,"version":267,"knownCves":268},"Freemius","1.0",[],[],{"summary":271,"deductions":272},"The \"protect-admin-account\" v2.1.6 plugin exhibits a generally strong security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events without authentication or proper permission checks indicates a minimal attack surface.  Furthermore, the plugin avoids dangerous functions and utilizes prepared statements for all SQL queries, which are critical security best practices. The presence of nonces and capability checks further reinforces its defensive programming.  However, a notable concern arises from the output escaping; with only 50% of outputs properly escaped, there's a risk of cross-site scripting (XSS) vulnerabilities if user-controlled input is not sufficiently sanitized before being displayed to users. The plugin's clean vulnerability history with no known CVEs is a positive indicator, suggesting a lack of past exploitable flaws.  Despite the concerning output escaping, the overall security is good due to the restricted attack surface and secure data handling.",[273,276],{"reason":274,"points":275},"50% of outputs are not properly escaped",8,{"reason":277,"points":74},"Bundled library Freemius v1.0 may be outdated","2026-03-16T18:35:30.784Z",{"wat":280,"direct":289},{"assetPaths":281,"generatorPatterns":284,"scriptPaths":285,"versionParams":286},[282,283],"\u002Fwp-content\u002Fplugins\u002Fprotect-admin-account\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Fprotect-admin-account\u002Fjs\u002Fscripts.js",[],[283],[287,288],"protect-admin-account\u002Fcss\u002Fstyle.css?ver=","protect-admin-account\u002Fjs\u002Fscripts.js?ver=",{"cssClasses":290,"htmlComments":291,"htmlAttributes":292,"restEndpoints":293,"jsGlobals":294,"shortcodeOutput":298},[],[],[],[],[295,296,297],"window.thp_paa_ajax_object","var thp_paa_ajax_object","window.papro_fs",[]]